Thursday 28 November 2013

How to Configure SSH Access

Real World Application:

Telnet is not cutting it when it comes to secure remote management of a production network. As you are aware, Telnet does not encrypt its payload, so anyone who can sniff the traffic can capture and reconstruct the Telnet session. The enable password, as well as any other confidential or sensitive information sent over Telnet, can therefore be considered a major security hole.

Since the birth of Telnet, this well-known problem has been addressed by the introduction of the Secure Shell, also known as SSH.

SSH is, in a nutshell, Telnet with encryption: the traffic is encrypted so that anyone sniffing the link cannot read it. SSH can use different encryption algorithms, from the Data Encryption Standard (DES) up to AES 256-bit CBC.

Lab Prerequisites:

  • If you are using GNS3, load the Free CCNA Workbook GNS3 topology and start R1.
  • Establish a console session with Router 1.
  • Create and configure a loopback interface with the IP address 10.1.1.1/24.
  • To establish a remote SSH session via the VTY lines, you need to create a username and password in the local user database.
  • Configure the VTY lines to authenticate against the local database. (Note that you can use either login local or an AAA authentication list for this purpose.)

Lab Instruction:

Step 1. Before you generate the RSA keys that SSH uses, you need to change the host name from the default "Router" to something else. In this lab, use R1 as shown below;

Router con0 is now available
Press RETURN to get started.
Router>enable
Password: 
Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#

Step 2. The other requirement before generating RSA keys on a Cisco device is to set a domain name. For the purpose of this lab, the domain name is set as shown below;

R1(config)#ip domain-name

Step 3. Now you are ready to generate the RSA key pair. To do so, use the crypto key generate rsa general-keys modulus keysize command, where keysize is in the range [360-2048]. As shown below, a 1024-bit modulus is used to generate the RSA keys;

R1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.freeccnaworkbook.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#
%SSH-5-ENABLED: SSH 1.99 has been enabled
You will notice that immediately after the RSA keys are generated, SSH v1.99 is enabled. Note that the larger the key size, the longer it takes to generate.

Once SSH v1.99 is enabled, you can connect with an SSH v2 client such as PuTTY, SecureCRT or another terminal emulator; note that HyperTerminal is excluded, as it does not support encrypted connections.

Step 5. Configure the VTY lines to accept only the SSH protocol by using the transport input ssh command in line configuration mode, as shown;

R1(config)#line vty 0 4
R1(config-line)#transport input ssh

Step 6. Verify your SSH configuration using the Cisco IOS SSH client by connecting to the router's loopback interface 10.1.1.1.

Minimal documentation exists about the Cisco IOS SSH client. Use the Cisco IOS contextual help (?) to see the ssh command options that are available.

R1(config-line)#end
R1#ssh -l john 10.1.1.1
Password:
R1#show ssh
Connection Version Mode Encryption  Hmac       State            Username
0          1.99    IN   aes128-cbc  hmac-sha1  Session started  john
0          1.99    OUT  aes128-cbc  hmac-sha1  Session started  john
%No SSHv1 server connections running.
R1#
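As an added example (not part of the original lab), the following Python script audits a saved running-config text against the prerequisites this lab walks through: a non-default hostname, an ip domain-name, a local user, login local or an AAA list on the VTY lines, and transport input ssh. It goes slightly beyond the lab by also flagging a missing ip ssh version 2 (SSH 1.99 still accepts SSHv1 clients) and an RSA modulus under 2048 bits; the sample config below is constructed and the username/secret are placeholders.

```python
import re

# Constructed sample running-config excerpt (not captured from the lab).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.test
username john privilege 15 secret 0 PLACEHOLDER
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""


def audit_ssh_config(config, modulus_bits=None):
    """Return a list of findings for the SSH prerequisites of this lab.

    modulus_bits is the RSA key size (from 'show crypto key mypubkey rsa');
    it is not stored in the running-config, so it is passed in separately.
    """
    findings = []
    m = re.search(r"^hostname (\S+)", config, re.M)
    if not m or m.group(1).lower() == "router":
        findings.append("hostname is still the default 'Router'; change it before generating keys")
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("no 'ip domain-name'; RSA key generation requires one")
    if not re.search(r"^username \S+ .*(secret|password)", config, re.M):
        findings.append("no local user; 'login local' will reject every SSH login")
    if not re.search(r"^ip ssh version 2", config, re.M):
        findings.append("'ip ssh version 2' not set; SSH 1.99 still accepts SSHv1 clients")
    if modulus_bits is not None and modulus_bits < 2048:
        findings.append(f"RSA modulus is {modulus_bits} bits; regenerate with 2048")
    # Walk each 'line ...' block and check the VTY ones for login and transport.
    for block in re.split(r"^(?=line )", config, flags=re.M):
        if not block.startswith("line vty"):
            continue
        header = block.splitlines()[0]
        if not re.search(r"^ (login local|login authentication \S+)", block, re.M):
            findings.append(f"{header}: no 'login local' or AAA login list")
        t = re.search(r"^ transport input (.+)", block, re.M)
        got = t.group(1).strip() if t else "unset"
        if got != "ssh":
            findings.append(f"{header}: 'transport input' is '{got}', should be 'ssh'")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG, modulus_bits=2048) or ["OK"]:
        print(finding)
```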
